Delete expired pending logins

2023-05-04 22:21:13 -05:00 · 2023-05-04 22:21:13 -05:00 · 9b441333a7
parent 6b03c3760a
commit 9b441333a7
4 changed files with 29 additions and 5 deletions
--- a/src/auth/session.go
+++ b/src/auth/session.go
@ -143,7 +143,16 @@ func DeleteExpiredSessions(ctx context.Context, conn *pgxpool.Pool) (int64, erro
 	return tag.RowsAffected(), nil
 }

-func PeriodicallyDeleteExpiredSessions(ctx context.Context, conn *pgxpool.Pool) jobs.Job {
+func DeleteExpiredPendingLogins(ctx context.Context, conn *pgxpool.Pool) (int64, error) {
+	tag, err := conn.Exec(ctx, "DELETE FROM pending_login WHERE expires_at <= CURRENT_TIMESTAMP")
+	if err != nil {
+		return 0, oops.New(err, "failed to delete expired pending logins")
+	}
+
+	return tag.RowsAffected(), nil
+}
+
+func PeriodicallyDeleteExpiredStuff(ctx context.Context, conn *pgxpool.Pool) jobs.Job {
 	job := jobs.New()
 	go func() {
 		defer job.Done()
@ -154,6 +163,7 @@ func PeriodicallyDeleteExpiredSessions(ctx context.Context, conn *pgxpool.Pool)
 			case <-t.C:
 				err := func() (err error) {
 					defer utils.RecoverPanicAsError(&err)
+
 					n, err := DeleteExpiredSessions(ctx, conn)
 					if err == nil {
 						if n > 0 {
@ -162,10 +172,20 @@ func PeriodicallyDeleteExpiredSessions(ctx context.Context, conn *pgxpool.Pool)
 					} else {
 						logging.Error().Err(err).Msg("Failed to delete expired sessions")
 					}
+
+					n, err = DeleteExpiredPendingLogins(ctx, conn)
+					if err == nil {
+						if n > 0 {
+							logging.Info().Int64("num deleted pending logins", n).Msg("Deleted expired pending logins")
+						}
+					} else {
+						logging.Error().Err(err).Msg("Failed to delete expired pending logins")
+					}
+
 					return nil
 				}()
 				if err != nil {
-					logging.Error().Err(err).Msg("Panicked in PeriodicallyDeleteExpiredSessions")
+					logging.Error().Err(err).Msg("Panicked in PeriodicallyDeleteExpiredStuff")
 				}
 			case <-ctx.Done():
 				return
--- a/src/website/auth.go
+++ b/src/website/auth.go
@ -141,8 +141,6 @@ func LoginWithDiscord(c *RequestContext) ResponseData {
 		return c.ErrorResponse(http.StatusInternalServerError, oops.New(err, "failed to save pending login"))
 	}

-	// TODO: EXPIRE THESE
-
 	discordAuthUrl := discord.GetAuthorizeUrl(pendingLogin.ID, true)
 	return c.Redirect(discordAuthUrl, http.StatusSeeOther)
 }
--- a/src/website/discord.go
+++ b/src/website/discord.go
@ -74,6 +74,12 @@ func DiscordOAuthCallback(c *RequestContext) ResponseData {
 			return c.ErrorResponse(http.StatusInternalServerError, oops.New(err, "failed to look up pending login"))
 		}
 		destinationUrl = pendingLogin.DestinationUrl
+
+		// Delete the pending login; we're done with it
+		_, err = tx.Exec(c, `DELETE FROM pending_login WHERE id = $1`, pendingLogin.ID)
+		if err != nil {
+			c.Logger.Warn().Str("id", pendingLogin.ID).Err(err).Msg("failed to delete pending login")
+		}
 	} else {
 		// Check the state against the current session - if it does not match,
 		// then CSRF'd!!!!
--- a/src/website/website.go
+++ b/src/website/website.go
@ -43,7 +43,7 @@ var WebsiteCommand = &cobra.Command{
 		}

 		backgroundJobsDone := jobs.Zip(
-			auth.PeriodicallyDeleteExpiredSessions(backgroundJobContext, conn),
+			auth.PeriodicallyDeleteExpiredStuff(backgroundJobContext, conn),
 			auth.PeriodicallyDeleteInactiveUsers(backgroundJobContext, conn),
 			perfCollector.Job,
 			discord.RunDiscordBot(backgroundJobContext, conn),